Five GDPR Myths Answered

Five GDPR Myths Answered

GDPR – GENERAL DATA PROTECTION REGULATION

MYTH 1: “GDPR IS NEW LEGISLATION”

  • No, it is not! It’s an extension of the current Data Protection Act 1998 in the UK – it takes some elements that are “best practice” currently and will make them a legal requirement.
  • Yes, there will be a new Act of Parliament but it will bring in national derogations.

Check Progress of the Data Protection Bill.

MYTH 2: “CONSENT IS NEEDED FOR ALL PROCESSING”

  • Codswallop! Consent is only one of 6 legal basis for processing under GDPR! So, use one of the others!
  • DIRECT MARKETING: The one occasion when you DO need consent to process and it needs to be clear.
  • NO MORE PRE-TICKED BOXES! – THEY WILL BE ILLEGAL!

“Consent” is being discussed in Europe December 2017 – so ICO guidance will issue a final version early 2018.

Find out about the 6 Legal Basis for Processing under GDPR.

 

MYTH 3: “I’VE GOT TO CHANGE ALL MY EXISTING SYSTEMS”!

  • NO! Rubbish!  “Privacy by Design” makes legislation fit your tried n tested systems that work for you!
  • Be transparent about compliance!

 

MYTH 4:  “I MUST HAVE A DATA PROTECTION OFFICER (DPO)”

  • PIFFLE! Under GDPR – the European Working Party (who lead on this) state that PUBLIC AUTHORITIES must appoint a DPO.
  • YES, you do need a central contact, but not a formal DPO

 

MYTH 5: ITS GONNA COST A BOMB TO PUT IN PLACE!

  • No, it doesn’t cost the earth… Contact us for a quote.

Many thanks to Robyn Banks @ AdaVista for busting these five common GDPR Myths.

Contact us for support preparing for GDPR.